Integration's Secret Weapon for Dealing with BYOD

Surely I'm not the only one underwhelmed by the BYOD (bring your own device) hoopla. Haven't you been dealing with this for, oh, almost a decade, ever since people started using their own laptops and home PCs?

No, the problem isn't people using their own devices. The problem is that people are using devices like phones and tablets, with their spare mobile operating systems, to connect to enterprise resources.

Nobody likes to admit it, but IT is woefully behind consumer tech and often clueless when it comes to dealing with mobile software and operating systems. That's the real issue here.

Surprisingly, it seems IT may be able to take a page out of the integration playbook to deal with the BYOD dilemma.

A recent post on GigaOm argues that APIs (application programming interfaces) and API management solutions could be the key to mediating the problems between the old world of enterprise apps and the brave new world of BYOD.

And I'll grant you the GigaOm piece isn't unbiased. On the contrary, it's written by Matt McLarty, the vice president of client solutions for API management company Layer 7 Technologies. But hear the man out before you dismiss this as marketing hype.

He recounts the adventures of two companies - an airline and an electronics company - as they tried to make enterprise applications mobile. Suffice it to say, their first attempts went awry, so they tried using an API as the border between the presentation (mobile) layer and the logic (enterprise-based) tier. This allows you to design for mobile OSes while still utilizing your enterprise systems, he explains.

APIs can also be used to address compliance and security concerns, he writes:

This API proxy plays a dichotomous role. It opens and eases integration with enterprise APIs, and it enforces the policies that check user identity and control access to backend resources and data. Due to the mixed personality of BYOD devices - business and pleasure - no API request message can be trusted outright. Identity must be checked using any number of principals - app, device, end user - and weighed against the requested assets.
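A sketch of the kind of decision such an API proxy would make, added here as an illustration and not taken from McLarty's post or any Layer 7 product: each of the three principals (app, device, end user) has to clear the sensitivity tier of the requested asset, and anything unrecognized is denied. The asset paths, app IDs, user names and tiers are all hypothetical, and the request fields are assumed to come from credentials the proxy has already verified.

```python
from dataclasses import dataclass

# Constructed policy data: every name and tier below is hypothetical.
ASSET_TIER = {"/catalog": 0, "/crm/contacts": 1, "/hr/payroll": 2}
APP_CEILING = {"field-sales-ios": 2, "partner-portal": 0}  # highest tier each registered app may reach
USER_GRANTS = {
    "alice": {"/catalog", "/crm/contacts", "/hr/payroll"},
    "bob": {"/catalog", "/crm/contacts"},
}

@dataclass(frozen=True)
class Request:
    # Assumed to be filled from credentials the proxy has already verified
    # (app key, device attestation, user token), never from client-asserted fields.
    app_id: str
    user: str
    path: str
    device_encrypted: bool = False
    device_managed: bool = False
    user_mfa: bool = False

def device_level(req):
    """0 = unknown device, 1 = encrypted personal device, 2 = encrypted and managed."""
    if not req.device_encrypted:
        return 0
    return 2 if req.device_managed else 1

def decide(req):
    """Return (allowed, reason). Deny by default; every principal must clear the asset's tier."""
    tier = ASSET_TIER.get(req.path)
    if tier is None:
        return False, "unknown asset"
    if APP_CEILING.get(req.app_id, -1) < tier:
        return False, "app not cleared for asset"
    if req.path not in USER_GRANTS.get(req.user, set()):
        return False, "user not entitled"
    if device_level(req) < tier:
        return False, "device posture too weak"
    if tier >= 2 and not req.user_mfa:
        return False, "step-up authentication required"
    return True, "ok"
```

The same user on the same app gets a different answer depending on the device: an encrypted personal tablet clears the tier-1 CRM data but not the tier-2 payroll data.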

And, as an added benefit, it so happens that APIs are a great way to address the integration challenges of moving enterprise apps to mobile platforms. That said, I'm not sure I agree with his point about this being a "developer-driven approach to integration" that is seen as "a refreshing shift from the current SOA state." Actually, I'm not even sure I understand what he means by that.

Still, it's a viewpoint worth considering as you work out how to incorporate BYOD and mobile devices in general into the enterprise.

If you can't beat them, you might as well integrate them, right? And when it comes to BYOD, the research suggests you can't beat 'em: Within two years, Gartner predicts 90 percent of organizations will support corporate applications on consumer devices and 80 percent of professionals will use at least two personal devices to access corporate data.

Thanks Lorraine for the analysis. I lived through SOA from its inception, and I found it to be driven primarily by enterprise architects (like me) who needed to rein in the enterprise developers and get cooperation in order to benefit the overall enterprise. This was a big challenge, since budgets often lived with those developers and their corresponding LOBs. As a result, SOA Governance was oriented from a top-down, architect-as-judge-and-jury perspective. By contrast, the user experience needs of mobile shift the balance of power further to the app developers, so API management has more of an incentive-based approach: make your API understandable and attractive and apps and their developers will use it.

I hope that clarifies it (but maybe it confuses it further). Thanks again for reading! ...Matt

I'm not sure that using APIs excludes a SOA architecture. In fact, even that "conversation" distracts from the main point.

I should write a book (it would be a comic tragedy) on the stories I hear about how woefully inadequate IT is to handle this sort of stuff.

While I believe APIs are the answer, the real solution will only come from IT departments willing to deploy custom applications that are targeted at specific user behaviors. Why do I use one app, and you another? Personal preference maybe. Or, I like that the app does something one way, you like it another. That attitude simply doesn't exist in corporate IT where one-size-fits-all.

Matt, I found your article had a critical insightful point... the point you made about the airline employees who chose not to use a clunky app. That's unusual. I can't imagine my grandfather deciding to use a different sewing machine than the one they gave him to do his job. (Sure, I'm exaggerating melodramatically, but you get the point).

My company is a case-in-point. We're an integration company, yet we use the off-the-shelf Salesforce.com UI. Without saying anything private or negative about my employer... I will say that if you need to "train sales engineers on a UI" it's the UI that's broken. This is not an unusual situation. Companies simply can't afford to write all the apps they need to run their business. I'm not sure what the answer to that is (If I knew, I'd be working there).

Mobile device usage is like ants marching. You can't stop it. So true. This is how I explain the Bring Your Own Device (BYOD) issue to upper management.

This is a big issue in the healthcare industry, where HIPAA and patient data confidentiality can lead to major lawsuits for loss or unsecured use of data by mobile devices.

The problem is that the data is on the BYOD device, and if it is lost or stolen, then the data can be accessed.

The problem is that the large centralized BYOD systems are expensive and very restricting for the users.

Like ants, we can't stop doctors and nurses from emailing or texting confidential patient data from their smart phones and iPads.

Instead, we try to provide them with tools to help them keep the data secure.

For example, for text messaging we got all the doctors to use Tigertext, which is HIPAA compliant since it is a secure closed network that works on most smartphones, and deletes the text message after a period of time. At $10 a user it is very cost effective and is saving the hospital from millions in lawsuits.